Hodgegoblin

Set up Shadowsocks server on Raspberry Pi

By QuLk @ 2018.7.12

This article uses RASPBERRY PI 3 MODEL B, OS version: Raspbian GNU/Linux 9 (stretch).

	#!/bin/bash
	# check_user_lastseen - report on users who have not logged in for a while
	# Purpose:
	# This script tries to find idle accounts and any orphaned homedirs
	# Currently is Linux biased but capacity for portability is there
	# Author: Rawiri Blundell
	# Copyright: See provided LICENCE file
	###############################################################################
	# Source the config mapping library
	# Provides variables "${thisHost}", "${thisJob}" and

	::
	::#######################################################################
	::
	:: Change file associations to protect against common ransomware attacks
	:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell
	:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :)
	:: ---------------------
	ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
	ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
	ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"

	[WinEventLog://Security]
	disabled = 0
	start_from = oldest
	current_only = 0
	evt_resolve_ad_obj = 1
	checkpointInterval = 5
	blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
	blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
	blacklist3 = EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool\|splunkd\|splunk\|splunk\-(?:MonitorNoHandle\|admon\|netmon\|perfmon\|powershell\|regmon\|winevtlog\|winhostinfo\|winprintmon\|wmi\|optimize))\.exe)"
	blacklist4 = EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool\|splunkd\|splunk\|splunk\-(?:MonitorNoHandle\|admon\|netmon\|perfmon\|powershell\|regmon\|winevtlog\|winhostinfo\|winprintmon\|wmi\|optimize))\.exe)"

	[WinEventLog:Security]
	#Returns most of the space savings XML would provide
	SEDCMD-clean0-null_sids = s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(\:)(\s+NULL SID)$/\1/g s/(?m)(ID\:)(\s+0x0)$/\1/g
	SEDCMD-clean1-summary = s/This event is generated[\S\s\r\n]+$//g
	SEDCMD-clean2-cert_summary = s/Certificate information is only[\S\s\r\n]+$//g
	SEDCMD-clean3-blank_ipv6 = s/::ffff://g
	SEDCMD-clean4-token_elevation_summary = s/Token Elevation Type indicates[\S\s\r\n]+$//g
	SEDCMD-clean5-network_share_summary = s/(?ms)(A network share object was checked to see whether.*$)//g
	SEDCMD-clean6-authentication_summary = s/(?ms)(The computer attempted to validate the credentials.*$)//g
	SEDCMD-clean7-local_ipv6 = s/(?ms)(::1)//g

	# Copyright 2019, Alexander Hass
	# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
	#
	# After running this script the computer only supports:
	# - TLS 1.2
	#
	# Version 3.0.1, see CHANGELOG.txt for changes.

	Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
	Write-Host '--------------------------------------------------------------------------------'

	#!/bin/bash

	splunk_home=/opt/splunk/etc
	my_users=$splunk_home/apps/my_domain/lookups/my_users.csv
	users=$splunk_home/users
	authfile=$splunk_home/new-auths.txt

	# Clear the auth file
	: > $authfile